/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package cn.tedu.mall.sso.security.config;

import cn.tedu.mall.sso.security.MyAccessDeniedHandler;
import cn.tedu.mall.sso.security.MyAuthenticationEntryPoint;
import cn.tedu.mall.sso.security.filter.SSOFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.CorsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class SSOWebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private SSOFilter ssoFilter;
    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;
    @Autowired
    private MyAuthenticationEntryPoint myAuthenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 放行清单
        String[] permitList = {
            "/*/sso/login",     // 登录
            "/*/sso/logout",    // 登录
            "/*/sso/checkLogin", // 验证登录
            "/*/sso/home",
            "/*/sso/phone/**",
            "/sso/valid/code",
            "/sso/phone/send/code",
            "/sso/phone/login"
        };
        // 禁止跨域请求伪造过滤器
        http.csrf().disable();
        http.cors().disable();
        //关闭跨域
        CorsConfigurer<HttpSecurity> cors = http.cors();
        // Session管理

        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
        http.sessionManagement().sessionFixation().none();

        // 认证规则
        http.authorizeRequests()
            .antMatchers(permitList).permitAll()
            .anyRequest().authenticated();
        //权限不足处理器
        http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);
        //未认证处理器
        http.exceptionHandling().authenticationEntryPoint(myAuthenticationEntryPoint);
        // 添加自定义过滤器
        http.addFilterBefore(ssoFilter, UsernamePasswordAuthenticationFilter.class);
    }

    @Override public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
            "/swagger-resources/**",    // Knife4j在线API文档的资源
            "/v2/api-docs/**",          // Knife4j在线API文档的资源
            "/favicon.ico",     // 网站图标文件
            "/",                // 根页面，通常是主页
            "/*.html",          // 任何html
            "/**/*.html",       // 任何目录下的html
            "/**/*.css",        // 任何目录下的css
            "/**/*.js");     // 任何目录下的js)
    }
}
